Koozali.org: home of the SME Server

VPN Configuration

Offline mheymann

  • *
  • 24
  • +0/-0
VPN Configuration
« on: March 05, 2008, 05:07:45 PM »
I have a SME 7.3 server and have a couple of questions about VPN access
If these questions have been answered please forgive me and help me find where

The situation is this, I have a couple of workstations on my LAN that are running
Ultra VNC with the proper port forwarding setup on the server so a user can
access their local desktop from a remote location (their home.)  For the few
connections we currently have this is acceptable.  It looks like we might have
a need for several more connections and I was looking at using VPN to allow
a connection from a remote system to pass through the server to a local
desktop.  Most of the documentation seem to indicate that VPN is to allow a
remote user to connect to the server to access server resources.

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: VPN Configuration
« Reply #1 on: March 05, 2008, 06:00:30 PM »
Hi..

when you connect to the server via vpn you are "in".. your remote pc behave exactly as it is in your lan..

so, no problem to do what you want..

HTH
Stefano

Offline mheymann

  • *
  • 24
  • +0/-0
Re: VPN Configuration
« Reply #2 on: March 05, 2008, 06:29:53 PM »
I don't think you understand my question
I try to make a little diagram to better explain the layout and desired task


   Internet ----------------------------- Remote Workstation
        |
        |
    Router
        |
        |
    SME Server in server Gateway mode ------- Lan workstation
     

I want to be able to connect from the remote workstation to the
lan workstation to access several different resources on the
lan workstation.  I do not want the user to connect directly to the
SME server.  The only resource on the SME server they would
use would be E-Mail and I have them using Horde webmail

The Idea is like the "Go To My PC" program
We have done this by installing VNC server on the Lan workstation
and creating the correct port forwarding rule on the server but the
number of connections and ports that are being forwarded is growing
and I am not sure this is a good idea
       

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: VPN Configuration
« Reply #3 on: March 05, 2008, 06:52:23 PM »
mmmhh...

maybe you don't understand.. :-)

connect via vpn to sme.. then you can connect to every lan vorkstation with every kind of program you prefer..

if you don't want to make a vpn, you can make a ssh tunnel

HTH

Ciao
Stefano

Offline mheymann

  • *
  • 24
  • +0/-0
Re: VPN Configuration
« Reply #4 on: March 05, 2008, 07:11:53 PM »
OK maybe I don't fully understand.

If I have an in house program on the C:\ drive of the Lan workstation
as well as an input data file on the C:\ drive of the Lan workstation
after I connect to the server via a VPN connection how would I connect
to the Lan workstation to say, run the local programs modify the text
files on the C:\ drive, or send output to the printer connected to
the paraelle port on the Lan workstation.

I must admit I am quite a noob about VPN and need help

Offline Confucius

  • ****
  • 235
  • +0/-0
Re: VPN Configuration
« Reply #5 on: March 05, 2008, 08:47:31 PM »
my 2 cents: start reading about RDP

Offline e[nt]e

  • *
  • 172
  • +0/-0
Re: VPN Configuration
« Reply #6 on: March 05, 2008, 09:59:11 PM »
If you connect via VPN to the SME Server the Remote Workstation get's a local IP. So it is in the same LAN as the LAN Workstation. That means you can access the LAN Workstation in exactly the same way as if you are using another LAN Workstation.

Hope that helps
Niklas

OK maybe I don't fully understand.

If I have an in house program on the C:\ drive of the Lan workstation
as well as an input data file on the C:\ drive of the Lan workstation
after I connect to the server via a VPN connection how would I connect
to the Lan workstation to say, run the local programs modify the text
files on the C:\ drive, or send output to the printer connected to
the paraelle port on the Lan workstation.

I must admit I am quite a noob about VPN and need help
1984 wasn't meant to be a manual.

Offline pfloor

  • ****
  • 889
  • +1/-0
Re: VPN Configuration
« Reply #7 on: March 05, 2008, 10:04:56 PM »
Let's clear up a couple of things here so the OP is fully aware before he dives into VPN:

1-VPN is a tricky beast, it uses port 1723 AND protocol 47.  Protocol 47 (GRE) is not a port and therefor you can't just forward it and establishing a passthrough is difficult.

2-You can't VPN through an SME server to a local machine (as of now it doesn't work because of complications in #1).

3-You may have problems trying to establish a VPN through a router to the SME box (as in your setup) for the same reason as #1 but this depends on the router.

4-If you can VPN into the SME with your current configuration, trying to "run" programs or access large files on the local network over the VPN will be brutally SLOW.

I've always wanted to say this :-): "Like Confucius say"...look into RDP.

« Last Edit: March 05, 2008, 10:06:28 PM by pfloor »
In life, you must either "Push, Pull or Get out of the way!"

Offline versa

  • ***
  • 109
  • +0/-0
Re: VPN Configuration
« Reply #8 on: March 05, 2008, 10:34:34 PM »
Remote access have a look at:

https://secure.logmein.com/home.asp?lang=en
......

Offline raem

  • *
  • 3,972
  • +4/-0
Re: VPN Configuration
« Reply #9 on: March 05, 2008, 11:21:32 PM »
mheymann

Perhaps you have missed the following concepts to do with normal VPN into a sme server & remote network.

After establishing a VPN connection with the sme server, users then need to connect to shares eg
to map a ibay do
net use N: \\serverIP\ibayname
or
net use N: \\servername\ibayname

to see all server shares do
\\serverIP
or
\\servername

to connect to a workstation C: drive (that has been shared in Windows) do
\\workstationname
or
\\workstationIP
or
net use W: \\workstationIP\c

Note that if VPN'ing from behind another sme server, then the IP number and name of the local sme server & the remote sme server must be different.


...

Offline mheymann

  • *
  • 24
  • +0/-0
Re: VPN Configuration
« Reply #10 on: March 06, 2008, 05:27:39 PM »
Pfloor provided me with the answer i was searching

2-You can't VPN through an SME server to a local machine (as of now it doesn't work because of complications in #1).

This says that what I was hoping to do I am not able to do "oh well"
What I will need to do is

1- install VNC Server on the local machine
2- give the local machine a static internal IP address
3- create a port forwarding rule on the server to direct port XXXX to the static internal IP address of the local machine
4- have the user logon to "xxx.xxx.xxx.xxx:xxxx" (external IP address of server:port number)
    from their web browser on their remote machine

This method works like "LogMeIn" or "GoToMyPC"
While this works, it is slow and more to the real issue is that for each connection
another port forward rule needs to be created which is another potential security issue

Thank you all for help

Offline Confucius

  • ****
  • 235
  • +0/-0
Re: VPN Configuration
« Reply #11 on: March 06, 2008, 05:33:51 PM »
I say it 1 more time : Dig into RDP (Remote Desktop Protocol) ... Encrypted, fast & flexible.

Offline JoshuaR

  • ***
  • 125
  • +0/-0
    • Tech-Eze
Re: VPN Configuration
« Reply #12 on: March 07, 2008, 01:07:58 AM »
If you want to connect directly to a workstation and not to the server at all, although it may not be possible to do this via VPN at the moment, depending on your needs you might consider RDP. 

You can port forward a random port on your server to your workstation machine's port 3389.  That way you can have direct RDP access to that machine.  To access it you would need to RDP to something like http://yourServerAddress:2345        2345 would be the port you forwarded to your workstation's port 3389... etc   


Probably not what you're after, but it's an option anyway...  :-D
Life's tragedy is that we get old too soon, and wise too late...

Offline raem

  • *
  • 3,972
  • +4/-0
Re: VPN Configuration
« Reply #13 on: March 07, 2008, 01:53:41 AM »
Dear All

I created this VPN Howto, I'm sure more practical tips can be added to it.
http://wiki.contribs.org/VPN_practical_tips
...

Offline tviles

  • ****
  • 197
  • +0/-0
Re: VPN Configuration
« Reply #14 on: September 25, 2008, 04:28:47 AM »
Your VPN guide was very helpful to me thanks. Also the RDP section explains the missing link needed for remote desktop into a lan workstation.